Intelligent authentication of users in metaverse leveraging non-fungible tokens and behavior analysis

ABSTRACT

Security measures are provided for resource exchange events occurring within a virtual environment, such as metaverse or the like. Intelligent resource exchange event authentication is realized by leveraging Artificial Intelligence (AI) and, more specifically, Machine Learning (ML) techniques to identify user behavioral patterns associated with previous resource exchange events conducted within the virtual environment and, in some instances, non-virtual environment. Current resource exchange event characteristics are compared to the user behavior patterns to ensure that the resource exchange event is authentic/legitimate. Additionally, intelligent user authentication occurs by leveraging the use of a Non-Fungible Token (NFT) that is presented by the user at the onset of the resource exchange event and is verified within a distributed trust computing network.

FIELD OF THE INVENTION

The present invention is generally directed to computer security and, more specifically, intelligently authenticating the identity of users in a virtual resource exchange event by leveraging Non-Fungible Tokens and the legitimacy of the resource exchange event by leveraging user Machine Learning (ML)-based behavior analysis.

BACKGROUND

Metaverse is a hypothetical iteration of the Internet as a single, universal and immersive virtual environment that is facilitated by the use of virtual reality and augmented reality headsets. Thus, Metaverse provides the ability for a user to associate with an avatar (i.e., a virtual representation/object of the user) and for the avatar to conduct resource exchange events within a virtual environment. While the resource exchange event is initiated entirely within the virtual environment, it results in an actual exchange of resources between the user and the resource providing entity.

Such virtual environment-based resource exchange events pose security threats to ensure that (i) the user is who they purport to be, (ii) the avatar/virtual object is, in fact, associated with the user and (iii) the resource exchange event is legitimate (i.e., being conducted by the user and not by a wrongdoer). Since the resource exchange event is occurring in a virtual environment, the measures that need to be taken to address such security threats may be different than those taken to address non-virtual (e.g., physical or online) resource exchange events.

Therefore, a need exists to develop systems, methods, computer program products and the like which provide security to resource exchange events that occur in a virtual environment, such as Metaverse or the like. In this regard, the desired systems, methods and the like should not only verify/authenticate the user and the avatar/virtual object but should also verify/authenticate the legitimacy of the resource exchange event itself to ensure that the event is being conducted by the actual verified user as opposed to a wrongdoer acting as the user.

BRIEF SUMMARY

The following presents a simplified summary of one or more embodiments of the invention in order to provide a basic understanding of such embodiments. This summary is not an extensive overview of all contemplated embodiments and is intended to neither identify key or critical elements of all embodiments, nor delineate the scope of any or all embodiments. Its sole purpose is to present some concepts of one or more embodiments in a simplified form as a prelude to the more detailed description that is presented later.

Embodiments of the present invention address the above needs and/or achieve other advantages by providing for intelligent authentication/verification for resource exchange events that occur in a virtual environment, such as Metaverse or the like. In addition to providing for user authentication, the present invention verifies the authenticity/legitimacy of the resource exchange event itself. In this regard, Machine Learning (ML) techniques are implemented to identify user behavior patterns based, at least, on the user's previously conducted virtual environment resource exchange events and, in some embodiments, the user's previously conducted non-virtual (i.e., physical or online) resource exchange events. In response to the user initiating a resource exchange event in the virtual environment, characteristics of the current resource exchange event are compared with the identified user behavior patterns to ensure that the current resource exchange event is consistent with the user's behavior patterns. Such a comparison verifies the authenticity/legitimacy of the resource exchange event (i.e., verifies that the resource exchange event is being conducted by the user and not a wrongdoer).

In addition, embodiments of the invention provide for authentication of the user through user presentation of a Non-Fungible Token (NFT) that is verified through a consensus of decentralized nodes forming a distributed trust computing network (commonly referred to as a “blockchain” network). In further specific embodiments of the invention, the virtual object (i.e., avatar) is verified as being associated with the user based on presentation of a previously generated token or the like that is based on the object identifier.

Thus, embodiments of the present invention provide a heightened level of security for resource exchange events that occur in virtual environments, such as Metaverse or the like. In this regard, the present invention not only intelligently verifies the identity of the user but also verifies the legitimacy of the resource event transaction itself.

A system for authenticating a user and a virtual resource exchange event defines first embodiments of the invention. The system includes a distributed trust computing network including a plurality of decentralized nodes. Each decentralized node has a first memory and one or more first processing devices in communication with the first memory. The first memory of the decentralized nodes is configured to store one or more distributed ledgers. Each distributed ledger includes a plurality of data blocks. In response to a virtual object (e.g., avatar or the like) associated with the user initiating the virtual resource exchange event, a Non-Fungible Token (NFT) associated with the user is received by the distributed trust computing network and a plurality of the decentralized nodes are configured to validate the NFT (the validation of the NFT serves to authenticate the user). In response to validating the NFT, a data block associated with the virtual resource exchange event is stored within one of the one or more distributed ledgers.

The system additionally includes a first computing platform (e.g., one or more servers or the like) that includes a second memory and one or more second processing devices in communication with the second memory. The second memory stores a virtual resource exchange event authorizer tool that is executable by at least one of the one or more second processing devices. The tool is configured to implement one or more Machine Learning (ML) algorithms to learn one or more first user behavior patterns. Each first user behavior pattern indicates a pattern of behavior of the user in conducting, at least, prior virtual resource exchange events. In response to receiving data/characteristics associated with a virtual resource exchange event being currently initiated by the virtual object, the tool is further configured to implement ML techniques to apply the one or more first user behavior patterns to the data associated with the virtual resource exchange event to determine whether the virtual resource exchange event is authentic. In response to (i) the distributed trust computing network validating the NFT, and (ii) determining that the virtual resource exchange event is authentic, the virtual resource exchange event authorizer tool is configured to authorize processing of the virtual resource exchange event.

In specific embodiments the system further includes a second computing platform having a third memory and one or more third processing devices in communication with the third memory. The third memory stores a token generator tool that is executable by at least one of the one or more third processing devices and is configured to generate a virtual object authentication token that associates the user with a virtual object identifier that identifies the virtual object (e.g., avatar) used by the user. In such embodiments of the system, the virtual resource exchange event authorizer tool is configured to receive or access the virtual object authentication token to authenticate the virtual object, and authorizing processing of the virtual resource exchange event is in further response to (iii) authenticating the virtual object.

In further specific embodiments of the system, the virtual resource exchange event authorizer tool is configured to implement the one or more Machine Learning (ML) algorithms to learn the one or more first user behavior patterns that are based on at least one of (i) one or more metaverses and (ii) one or more virtual resource exchange providers at which the user conducted the prior virtual resource exchange events. In further related embodiments of the system, the one or more first user behavior patterns are based on at least one of (i) a type of item or service obtained by the user in the prior virtual resource exchange events or (ii) an amount of resources exchanged by the user in the prior virtual resource exchange events. In still further related embodiments of the system, the first user behavior patterns are based on the geographic-location (i.e., actual location) of the user when conducting the prior virtual resource exchange events.

In additional specific embodiments of the system, each first user behavior pattern that is identified by the virtual resource exchange event authorizer tool indicates a pattern of behavior of the user in conducting, at least one of, the prior virtual resource exchange events and prior non-virtual (i.e., physical location or online) resource exchange events. In such embodiments of the system, the first user behavior patterns may be based on at least one of (i) a type of item or service obtained by the user in the prior non-virtual resource exchange events, (ii) an amount of resources exchanged by the user in the prior non-virtual resource exchange events, (iii) a geographic-location of the user when conducting the prior non-virtual resource exchange events, and (iv) one or more physical or online resource exchange providers at which the prior non-virtual resource exchange events occurred.

In still further specific embodiments, the system includes a second computing platform having a third memory and one or more third processing devices in communication with the third memory. The third memory stores a resource exchange event pattern detection tool that is executable by at least one of the one or more third processing devices and is configured to implement one or more Machine Learning (ML) algorithms to learn one or more second user behavior patterns. Each second user behavior pattern indicates a pattern of behavior of the user in conducting prior non-virtual resource exchange events. In such embodiments of the system, the virtual resource exchange event authorizer tool is further configured to implement the one or more Machine Learning (ML) algorithms to apply the one or more first user behavior patterns and the one or more second user behavior patterns to the data associated with the virtual resource exchange event to determine whether the virtual resource exchange event is authentic.

In other specific embodiments of the system, in response to (i) the distributed trust computing network failing to validate the NFT, or (ii) failing to determine that the virtual resource exchange event is authentic, the virtual resource exchange event authorizer tool is further configured to generate and initiate electronic communication of an alert to one or more predetermined entities that notifies the one or more predetermined entities that the virtual resource exchange event has not been authorized for processing. In further related embodiments of the system, the virtual resource exchange event authorizer tool is further configured to generate one or more user behavior reports that indicate the one or more patterns of behavior of the user in conducting, at least, the prior virtual resource exchange events.

Moreover, in additional specific embodiments of the system, the virtual resource exchange event authorizer tool is further configured to authenticate the virtual resource exchange event in response to the distributed trust computing network validating the NFT.

A computer-implemented method for authenticating a user and a virtual resource exchange event defines second embodiments of the invention. The computer-implemented method is executable by one or more computing processor devices. The method includes, in response to a virtual object associated with a user initiating the virtual resource exchange event, receiving, at a distributed trust network, a Non-Fungible Token (NFT) associated with the user and validating, by a plurality of decentralized nodes of the distributed trust computing network, the NFT (validating the NFT serves to authenticate the user). The computer-implemented method additionally includes, in response to validating the NFT, storing a data block associated with the virtual resource exchange event within a distributed ledger of the distributed trust computing network. Further, the computer-implemented method includes implementing one or more Machine Learning (ML) algorithms to learn one or more first user behavior patterns. Each first user behavior pattern indicates a pattern of behavior of the user in conducting, at least, prior virtual resource exchange events. The computer-implemented method additionally includes, in response to receiving data/characteristics associated with the virtual resource exchange event currently being initiated by the virtual object, implementing ML techniques to apply the one or more first user behavior patterns to the data associated with the virtual resource exchange event to determine whether the virtual resource exchange event is authentic. Further, the computer-implemented method includes, in response to (i) the distributed trust computing network validating the NFT, and (ii) determining that the virtual resource exchange event is authentic, authorizing processing of the virtual resource exchange event.

In specific embodiments the computer-implemented method further includes generating a virtual object authentication token that associates the user with a virtual object identifier that identifies the virtual object used by the user, and receiving or accessing the virtual object authentication token to authenticate the virtual object. In such embodiments of the computer-implemented method, authorizing processing of the virtual resource exchange event is in further response to (iii) authenticating the virtual object.

In additional embodiments of the computer-implemented method, the first user behavior patterns are based on at least one of (i) one or more metaverses at which the user conducted the prior virtual resource exchange events, (ii) one or more virtual resource exchange providers at which the user conducted the prior virtual resource exchange events, (iii) a type of item or service obtained by the user in the prior virtual resource exchange events, (iv) an amount of resources exchanged by the user in the prior virtual resource exchange events and (v) geographic-location of the user when conducting the prior virtual resource exchange events.
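The authorization decision described in the method embodiments above (NFT validation, virtual object token check, and comparison of the current event against learned behavior patterns), as an added Python example that is not part of the patent text. The scoring method (value rarity plus a median/MAD amount check), the two-thirds node quorum, the HMAC-based avatar token, the 0.5 threshold, and all names and sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import statistics
from collections import Counter

# Categorical characteristics the text lists for prior virtual events.
CATEGORICAL = ("metaverse", "provider", "item_type", "geo")


def learn_profile(prior_events):
    """Summarise a user's prior virtual resource exchange events (assumed model)."""
    if not prior_events:
        raise ValueError("no history: behavior cannot be compared")
    profile = {f: Counter(e[f] for e in prior_events) for f in CATEGORICAL}
    amounts = [e["amount"] for e in prior_events]
    med = statistics.median(amounts)
    # Median absolute deviation: a spread estimate one large purchase cannot skew.
    mad = statistics.median([abs(a - med) for a in amounts]) or 1.0
    profile["amount"] = (med, mad)
    profile["n"] = len(prior_events)
    return profile


def anomaly_score(profile, event):
    """0.0 = matches history on every characteristic, 1.0 = matches on none."""
    n = profile["n"]
    # Rarity of each categorical value: 1 - its relative frequency in history.
    parts = [1.0 - profile[f][event[f]] / n for f in CATEGORICAL]
    med, mad = profile["amount"]
    robust_z = abs(event["amount"] - med) / (1.4826 * mad)
    parts.append(min(robust_z / 6.0, 1.0))  # cap the amount term at 1.0
    return sum(parts) / len(parts)


def nft_validated(node_votes):
    """Assumed consensus rule: strictly more than two thirds of nodes accept."""
    return len(node_votes) > 0 and 3 * sum(node_votes) > 2 * len(node_votes)


def issue_avatar_token(key, user_id, object_id):
    """Assumed token format: HMAC binding the user to the virtual object id."""
    # Length prefix keeps ("ab", "c") and ("a", "bc") from sharing a token.
    msg = f"{len(user_id)}:{user_id}{object_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def authorize(event, profile, node_votes, avatar_token, key, threshold=0.5):
    """Authorize only if every check passes; otherwise return alert reasons."""
    reasons = []
    if not nft_validated(node_votes):
        reasons.append("nft_not_validated")
    expected = issue_avatar_token(key, event["user_id"], event["object_id"])
    if not hmac.compare_digest(avatar_token, expected):
        reasons.append("avatar_token_mismatch")
    if anomaly_score(profile, event) > threshold:
        reasons.append("behavior_mismatch")
    return {"authorized": not reasons, "alert": reasons}


# Constructed sample data, not taken from the patent.
KEY = b"demo-issuer-key"


def make_event(metaverse, provider, item_type, amount, geo="US-NC"):
    return {"user_id": "user-1", "object_id": "avatar-77", "metaverse": metaverse,
            "provider": provider, "item_type": item_type, "amount": amount,
            "geo": geo}


HISTORY = [
    make_event("mv-a", "shop-1", "apparel", 20),
    make_event("mv-a", "shop-1", "apparel", 25),
    make_event("mv-a", "shop-1", "apparel", 30),
    make_event("mv-a", "shop-1", "apparel", 22),
    make_event("mv-a", "shop-1", "apparel", 28),
    make_event("mv-a", "shop-1", "collectible", 35),
    make_event("mv-a", "shop-2", "collectible", 24),
    make_event("mv-b", "shop-2", "collectible", 26),
]

if __name__ == "__main__":
    profile = learn_profile(HISTORY)
    token = issue_avatar_token(KEY, "user-1", "avatar-77")
    usual = make_event("mv-a", "shop-1", "apparel", 27)
    odd = make_event("mv-z", "shop-9", "land", 5000, geo="XX")
    print(authorize(usual, profile, [True] * 5, token, KEY))
    print(authorize(odd, profile, [True] * 5, token, KEY))
```

A valid NFT and avatar token do not authorize the second event on their own: the behavior comparison is an independent gate, which is the point of combining the checks.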

In further specific embodiments of the computer-implemented method, each first user behavior pattern indicates a pattern of behavior of the user in conducting, at least one of, the prior virtual resource exchange events and prior non-virtual resource exchange events. In alternate specific embodiments the computer-implemented method includes implementing one or more Machine Learning (ML) algorithms to learn one or more second user behavior patterns, each second user behavior pattern indicating a pattern of behavior of the user in conducting prior non-virtual resource exchange events. In such embodiments, implementing the Machine Learning (ML) techniques to apply the one or more first user behavior patterns further comprises implementing the Machine Learning (ML) techniques to apply the one or more first user behavior patterns and the one or more second user behavior patterns to the data associated with the virtual resource exchange event to determine whether the virtual resource exchange event is authentic.

A computer program product including a non-transitory computer-readable medium defines third embodiments of the invention. The computer-readable medium includes a first set of codes for causing a computer to, in response to a virtual object associated with a user initiating the virtual resource exchange event, receive, at a distributed trust network, a Non-Fungible Token (NFT) associated with the user, a second set of codes for causing a computer to validate, by a plurality of decentralized nodes of the distributed trust computing network, the NFT, wherein validating the NFT serves to authenticate the user, and a third set of codes for causing a computer to, in response to validating the NFT, store a data block associated with the virtual resource exchange event within a distributed ledger of the distributed trust computing network. In addition, the computer-readable medium includes a fourth set of codes for causing a computer to implement one or more Machine Learning (ML) algorithms to learn one or more first user behavior patterns. Each first user behavior pattern indicates a pattern of behavior of the user in conducting, at least, prior virtual resource exchange events. Further, the computer-readable medium includes a fifth set of codes for causing a computer to, in response to receiving data associated with the virtual resource exchange event being initiated by the virtual object, implement ML techniques to apply the one or more first user behavior patterns to the data associated with the virtual resource exchange event to determine whether the virtual resource exchange event is authentic, and a sixth set of codes for causing a computer to, in response to (i) the distributed trust computing network validating the NFT, and (ii) determining that the virtual resource exchange event is authentic, authorize processing of the virtual resource exchange event.

In specific embodiments of the computer program product, the computer-readable medium additionally includes a seventh set of codes for causing a computer to generate a virtual object authentication token that associates the user with a virtual object identifier that identifies the virtual object used by the user, and an eighth set of codes for causing a computer to receive or access the virtual object authentication token to authenticate the virtual object. In such embodiments of the computer program product, the sixth set of codes is further configured to cause the computer to authorize processing of the virtual resource exchange event in further response to (iii) authenticating the virtual object.

In other specific embodiments of the computer program product, the first user behavior patterns are based on at least one of (i) one or more metaverses at which the user conducted the prior virtual resource exchange events, (ii) one or more virtual resource exchange providers at which the user conducted the prior virtual resource exchange events, (iii) a type of item or service obtained by the user in the prior virtual resource exchange events, (iv) an amount of resources exchanged by the user in the prior virtual resource exchange events and (v) geographic-location of the user when conducting the prior virtual resource exchange events.

In still further specific embodiments of the computer program product, the fourth set of codes is further configured to cause the computer to implement the one or more ML algorithms to learn one or more first user behavior patterns. Each first user behavior pattern indicates a pattern of behavior of the user in conducting, at least one of, the prior virtual resource exchange events and prior non-virtual resource exchange events (i.e., physical location resource exchange events and online resource exchange events).

Moreover, in additional specific embodiments of the computer program product, the computer-readable medium additionally includes a seventh set of codes for causing a computer to implement one or more Machine Learning (ML) algorithms to learn one or more second user behavior patterns. Each second user behavior pattern indicates a pattern of behavior of the user in conducting prior non-virtual resource exchange events. In such embodiments of the computer program product, the fifth set of codes is further configured to cause the computer to implement the Machine Learning (ML) techniques to apply the one or more first user behavior patterns and the one or more second user behavior patterns to the data associated with the virtual resource exchange event to determine whether the virtual resource exchange event is authentic.

Thus, according to embodiments of the invention, which will be discussed in greater detail below, the present invention provides for intelligent authentication/verification for resource exchange events that occur in a virtual environment, such as Metaverse or the like. In addition to providing for user authentication, the present invention verifies the authenticity/legitimacy of the resource exchange event itself. In this regard, Machine Learning (ML) techniques are implemented to identify user behavior patterns based, at least, on the user's previously conducted virtual environment resource exchange events and, in some embodiments, the user's previously conducted non-virtual (i.e., physical or online) resource exchange events. In response to the user initiating a resource exchange event in the virtual environment, characteristics of the current resource exchange event are compared with the identified user behavior patterns to ensure that the current resource exchange event is consistent with the user's behavior patterns. Such a comparison verifies the authenticity/legitimacy of the resource exchange event (i.e., verifies that the resource exchange event is being conducted by the user and not a wrongdoer).

The features, functions, and advantages that have been discussed may be achieved independently in various embodiments of the present invention or may be combined with yet other embodiments, further details of which can be seen with reference to the following description and drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

Having thus described embodiments of the disclosure in general terms, reference will now be made to the accompanying drawings, wherein:

FIG. 1 is a schematic diagram of a distributed trust computing network, in accordance with embodiments of the present invention;

FIG. 2 is a block diagram of an event object stored within a distributed ledger of a distributed trust computing network, in accordance with some embodiments of the present disclosure;

FIG. 3 is a schematic diagram of a system for generating a Non-Fungible Token (NFT) and storing the NFT within a distributed trust computing network, in accordance with embodiments of the present invention;

FIG. 4 is a block diagram of an architecture for an exemplary NFT, in accordance with embodiments of the present invention;

FIG. 5 is a schematic diagram of a machine learning environment, in accordance with embodiments of the present invention;

FIG. 6 is a schematic/block diagram of a system for authentication/verification of a resource exchange event being conducted in a virtual environment, in accordance with embodiments of the present invention;

FIG. 7 is a block diagram of a computing apparatus including a virtual environment resource exchange event authorizer tool, in accordance with embodiments of the present invention;

FIG. 8 is a schematic/flow diagram of a system/methodology for authentication/verification of a resource exchange event being conducted in a virtual environment, in accordance with embodiments of the present invention; and

FIG. 9 is a flow diagram of a computer-implemented method for authentication/verification of a resource exchange event being conducted in a virtual environment, in accordance with embodiments of the present invention.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

Embodiments of the present invention will now be described more fully hereinafter with reference to the accompanying drawings, in which some, but not all, embodiments of the invention are shown. Indeed, the invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will satisfy applicable legal requirements. Like numbers refer to like elements throughout.

As will be appreciated by one of skill in the art in view of this disclosure, the present invention may be embodied as a system, a method, a computer program product, or a combination of the foregoing. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.), or an embodiment combining software and hardware aspects that may generally be referred to herein as a “system.” Furthermore, embodiments of the present invention may take the form of a computer program product comprising a computer-usable storage medium having computer-usable program code/computer-readable instructions embodied in the medium.

Any suitable computer-usable or computer-readable medium may be utilized. The computer-usable or computer-readable medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device. More specific examples (e.g., a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection having one or more wires; a tangible medium such as a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a compact disc read-only memory (CD-ROM), or other tangible optical or magnetic storage device.

Computer program code/computer-readable instructions for carrying out operations of embodiments of the present invention may be written in an object oriented, scripted, or unscripted programming language such as JAVA, PERL, SMALLTALK, C++, PYTHON, or the like. However, the computer program code/computer-readable instructions for carrying out operations of the invention may also be written in conventional procedural programming languages, such as the “C” programming language or similar programming languages.

Embodiments of the present invention are described below with reference to flowchart illustrations and/or block diagrams of methods or systems. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a particular machine, such that the instructions, which execute by the processor of the computer or other programmable data processing apparatus, create mechanisms for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instructions, which implement the function/act specified in the flowchart and/or block diagram block or blocks.

The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational events to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions, which execute on the computer or other programmable apparatus, provide events for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. Alternatively, computer program implemented events or acts may be combined with operator or human implemented events or acts in order to carry out an embodiment of the invention.

As the phrase is used herein, a processor may be “configured to” perform or “configured for” performing a certain function in a variety of ways, including, for example, by having one or more general-purpose circuits perform the function by executing particular computer-executable program code embodied in computer-readable medium, and/or by having one or more application-specific circuits perform the function.

“Computing platform” or “computing device” as used herein refers to a networked computing device within the computing system. The computing platform may include a processor, a non-transitory storage medium (i.e., memory), a communications device, and a display. The computing platform may be configured to support user logins and inputs from any combination of similar or disparate devices. Accordingly, the computing platform includes servers, personal desktop computers, laptop computers, mobile computing devices and the like.

As used herein, “virtual environment” or “metaverse” may refer to a collection of persistent, shared, three-dimensional virtual spaces linked into a perceived virtual universe. In some embodiments, metaverse may not only refer to virtual worlds, but the Internet as a whole, including the spectrum of augmented reality. Metaverse may include a number of different elements such as video conferencing, digital currencies, virtual reality platforms, social media, live data streaming, digital representations of real-life objects and/or the like. In some embodiments, the metaverse may include virtual properties, such as virtual land parcels and estates for users to create and build on, or structures that reflect real-life properties and/or completely original creations. These spaces may be represented by co-ordinates on the metaverse platform where users can meet up using their avatars (i.e., virtual objects) to socialize and decorate their own spaces with collectibles. Any combination of the aforementioned elements may form a computer-mediated virtual environment, i.e., a virtual world, within the metaverse. Within this self-sustaining, persistent, and shared realm, users may exist and interact with each other using their digital avatars (i.e., virtual objects).

As used herein, a “resource” may generally refer to objects, products, devices, real estate, goods, commodities, services, currency and the like, and/or the ability and opportunity to access and use the same in the metaverse. Some example implementations herein contemplate digital property held by a user, including property that is stored and/or maintained by a third-party entity.

As used herein, a “resource exchange event” may refer to any transaction, activities, or communication between one or more entities, or between the user and the one or more entities in dealing with a resource. A resource exchange event may refer to any distribution of resources such as, but not limited to, a payment, processing of funds, purchase of goods or services, a return of goods or services, a payment transaction, a credit transaction, or other interactions involving a user's resource. In some embodiments, the user may authorize a resource exchange using at least a resource transfer instrument (e.g., NFT, credit cards, debit cards, checks, digital wallets, currency, loyalty points), and/or payment credentials (account numbers, resource transfer instrument identifiers). Unless specifically limited by the context, a “resource exchange”, a “transaction”, “transaction event” or “point of transaction event” may refer to any activity between a user, a merchant (virtual or non-virtual), an entity, or any combination thereof. In some embodiments, a resource exchange or transaction may refer to financial transactions involving direct or indirect movement of funds through electronic transaction processing systems in dealing with a resource.

As used herein, a “non-fungible token” or “NFT” may refer to a digital unit of data used as a unique digital identifier for a resource. An NFT may be stored on a distributed ledger that certifies ownership and authenticity of the resource. For purposes of this invention, a distributed ledger (e.g., blockchain) may be a database that is consensually shared and synchronized across multiple sites, institutions, or geographies, accessible by multiple people. A distributed ledger may be associated with independent computers (referred to as nodes) that record, share and synchronize transactions in their respective electronic ledgers (instead of keeping data centralized as in a traditional ledger). As such, NFTs cannot be copied, substituted, or subdivided. In specific embodiments, the NFT may include at least a relationship layer, a token layer, a metadata layer(s), and a licensing layer. The relationship layer may include a map of various users that are associated with the NFT and their relationship to one another. For example, if the NFT is purchased by buyer B1 from a seller S1, the relationship between B1 and S1 as a buyer-seller is recorded in the relationship layer. In another example, if the NFT is owned by O1 and the resource itself is stored in a storage facility by storage provider SP1, then the relationship between O1 and SP1 as owner-file storage provider is recorded in the relationship layer. The token layer may include a smart contract that points to a series of metadata associated with the resource, and provides information about supply, authenticity, lineage, and provenance of the resource. The metadata layer(s) may include resource descriptors that provide information about the resource itself (e.g., resource information). These resource descriptors may be stored in the same metadata layer or grouped into multiple metadata layers. The licensing layer may include any restrictions and licensing rules associated with purchase, sale, and any other types of transfer of the resource from one person to another. Those skilled in the art will appreciate that various additional layers and combinations of layers can be configured as needed without departing from the scope and spirit of the invention.

Thus, systems, apparatus, and methods are described in detail below that provide for intelligent authentication/verification for resource exchange events that occur in a virtual environment, such as Metaverse or the like. In addition to providing for user authentication, the present invention verifies the authenticity/legitimacy of the resource exchange event itself. In this regard, Machine Learning (ML) techniques are implemented to identify user behavior patterns based, at least, on the user's previously conducted virtual environment resource exchange events and, in some embodiments, the user's previously conducted non-virtual (i.e., physical or online) resource exchange events. In response to the user initiating a resource exchange event in the virtual environment, characteristics of the current resource exchange event are compared with the identified user behavior patterns to ensure that the current resource exchange event is consistent with the user's behavior patterns. Such a comparison verifies the authenticity/legitimacy of the resource exchange event (i.e., verifies that the resource exchange event is being conducted by the user and not a wrongdoer). In the event that the characteristics of the current resource exchange event do not match the user's behavior patterns, notifications/alerts may be generated and communicated to authorizing entities that take further actions (i.e., personally contact the user or the like) to obtain authentication.

In addition, embodiments of the invention provide for authentication of the user through user presentation of a Non-Fungible Token (NFT) that is verified through a consensus of decentralized nodes forming a distributed trust computing network (commonly referred to as a “blockchain” network). In further specific embodiments of the invention, the virtual object (i.e., avatar) is verified as being associated with the user based on presentation of a previously generated token or the like that is based on the object identifier.

Thus, embodiments of the present invention provide a heightened level of security for resource exchange events that occur in virtual environments, such as Metaverse or the like. In this regard, the present invention not only intelligently verifies the identity of the user but also verifies the legitimacy of the resource event transaction itself.

Turning now to the figures, FIGS. 1 and 2 illustrate an exemplary distributed ledger technology (DLT) architecture implemented in a distributed trust computing network (commonly referred to as a “blockchain” network), in accordance with an embodiment of the invention. DLT may refer to the protocols and supporting infrastructure that allow computing devices (peers) in different locations to propose and validate events and update records in a synchronized way across a network. Accordingly, DLT is based on a decentralized model, in which these peers collaborate and build trust over the network. To this end, DLT involves the use of a potentially peer-to-peer protocol for a cryptographically secured distributed ledger of events represented as event objects that are linked. As event objects each include information about the event object previous to it, they are linked with each additional event object, reinforcing the ones stored prior. Therefore, distributed ledgers are resistant to modification of their data because once recorded, the data in any given event object cannot be altered retroactively without altering all subsequent event objects.

To permit events and agreements to be carried out among various peers without the need for a central authority or external enforcement mechanism, DLT uses smart contracts. Smart contracts are computer code that automatically executes all or parts of an agreement and is stored on a DLT platform. The code can either be the sole manifestation of the agreement between the parties or may complement a traditional text-based contract and execute certain provisions, such as conducting an event between Party A to Party B. The computer code of the smart contract itself is replicated across multiple nodes (peers) and, therefore, benefits from the security, permanence, and immutability that a distributed ledger offers. That replication also means that as each new event object is added to the distributed ledger, the code is, in effect, executed. If the parties have indicated, by initiating an event, that certain parameters have been met, the code will execute the step triggered by those parameters. If no such event has been initiated, the code will not take any steps.

Various other specific-purpose implementations of distributed ledgers have been developed. These include distributed domain name management, decentralized crowd-funding, synchronous/asynchronous communication, decentralized real-time ride sharing and even a general-purpose deployment of decentralized applications. A distributed ledger may be characterized as a public distributed ledger, a consortium distributed ledger, or a private (i.e., non-public and/or proprietary) distributed ledger. A public distributed ledger is a distributed ledger that any entity can access, communicate events to and expect to see them stored thereon if the nodes of the distributed trust computing network come to a consensus and find the events to be valid. Further, any entity can participate in the consensus process for determining which event objects are valid and, therefore, are added to the distributed ledger and determination of the current state of each event object. A public distributed ledger is generally considered to be fully decentralized. On the other hand, a fully private distributed ledger is a distributed ledger in which permissions are kept centralized with one entity (i.e., the entity that controls/owns the private distributed trust computing network and the private distributed ledgers stored thereon). The permissions may be public or restricted to an arbitrary extent. And lastly, a consortium distributed ledger is a distributed ledger where the consensus process is controlled by a pre-selected set of nodes; for example, a distributed ledger may be associated with a specified number of member institutions, each of which operates in such a way that a quorum of the members must sign every event object in order for the event object to be valid. The right to access such a distributed ledger may be public or restricted to the participants. Consortium distributed ledgers may be considered partially decentralized.

As shown in FIG. 1, an exemplary distributed trust computing network 100 includes a distributed ledger 104 being maintained on multiple devices (nodes) 102 that are authorized to keep track of the distributed ledger 104. For example, the nodes 102 may be one or more computing devices such as a comprehensive computing system and one or more client device(s). Each node 102 in the distributed trust computing network 100 may have a complete or partial copy of the entire distributed ledger 104 or set of events and/or event objects 104-A on the distributed ledger 104. Events are initiated at a node and communicated to the various nodes in the distributed trust computing network 100. Any of the nodes 102 can validate an event, record the event to its copy of the distributed ledger 104, and/or broadcast the event, the validation of the event (in the form of an event object) and/or other data to other nodes 102.

As shown in FIG. 2, an exemplary event object 104-A includes an event header 106 and an event object data 108. The event header 106 may include a cryptographic hash of the previous event object 106-A; a nonce 106-B, i.e., a randomly generated 32-bit whole number; a cryptographic hash of the current event object 106-C wedded to the nonce 106-B; and a time stamp 106-D. The event object data 108 may include event information 108-A being recorded. Once the event object 104-A is generated, the event information 108-A is considered signed and forever tied to its nonce 106-B and hash 106-C. Once generated, the event object 104-A is then deployed on the distributed ledger 104. At this time, a distributed ledger address is generated for the event object 104-A, i.e., an indication of where the event object is located on the distributed ledger 104 and captured for recording purposes. Once deployed, the event information 108-A is considered recorded in the distributed ledger 104.

FIG. 3 illustrates an exemplary process of generating a Non-Fungible Token NFT 200, in accordance with an embodiment of the invention. One of ordinary skill in the art will readily appreciate that an NFT is a cryptographic record (referred to as a “token”) that is linked to resources, such as digital objects or the like. An NFT is typically stored on a distributed ledger 104 of a distributed trust computing network 100. The storage of the NFT on the distributed ledger 104 means that various nodes 102 of the distributed trust computing network 100 have reached a consensus as to the ownership and validity/authenticity of the NFT, i.e., the linked data.

As shown in FIG. 3, to generate, otherwise referred to as “minting”, an NFT, a user (e.g., NFT owner) may identify, using a user input device 202, resources 204 that the user wishes to mint as an NFT. Typically, the resources 204 used to generate the NFTs are digital objects that represent both tangible and intangible objects. These resources 204 may include a piece of art, music, collectible, virtual world items, videos, real-world items such as artwork and real estate, or any other presumed valuable object. These resources 204 are then digitized into a proper format to generate the NFT 206. The NFT 206 may be a multi-layered documentation that identifies the resources 204 but also evidences various event conditions associated therewith.

To record the NFT 206 in a distributed ledger 104, an event object 104-A for the NFT 206 is created using data stored in database 208. As previously discussed in relation to FIG. 2, the event object 104-A includes an event object header 106 and an event object data 108. The event object header 106 includes a cryptographic hash of the previous event object, a nonce (i.e., a random 32-bit whole number generated when the event object is created), a cryptographic hash of the current event object wedded to the nonce, and a time stamp. The event object data 108 includes the NFT 206 being recorded. Once the event object 104-A is generated, the NFT 206 is considered signed and persistently tied to its corresponding nonce and hash. The event object 104-A is then deployed in the distributed ledger 104. At this time, a distributed ledger address is generated for the event object 104-A, i.e., an indication of where the NFT 206 is located on the distributed ledger 104 and captured for recording purposes. Once deployed, the NFT 206 is linked permanently to the corresponding hash and the distributed ledger 104, and is considered recorded in the distributed ledger 104, thus concluding the generation/minting process.

As shown in FIG. 3 and previously discussed in relation to FIG. 1, the distributed ledger 104 may be maintained on multiple devices (nodes) 102 of the distributed trust computing network 100; the multiple nodes 102 are authorized to keep track of the distributed ledger 104. For example, the multiple nodes 104 may be computing devices such as a computing system or end-point device(s). Each node 102 may have a complete or partial copy of the entire distributed ledger 104 or set of events and/or event objects on the distributed ledger 104. Events, such as the creation and recordation of a NFT 206, are initiated at a node 102 and communicated to the various nodes 102. Any of the nodes 102 can validate an event, record the event to the corresponding copy of the distributed ledger 104, and/or broadcast the event, its validation (in the form of an event object 104-A) and/or other data to other nodes 102.
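The event object structure of FIG. 2, the recording of an NFT in an event object, and validation across node copies can be illustrated with the following added example, which is not part of the original disclosure. SHA-256, the JSON encoding, the use of a list index as the ledger address, the simple-majority vote and all sample values are assumptions made for illustration.

```python
import hashlib
import json
import secrets
from dataclasses import dataclass, replace

GENESIS_PREV_HASH = "0" * 64  # assumption: predecessor value for the first event object


@dataclass(frozen=True)
class EventObject:
    prev_hash: str    # 106-A: hash of the previous event object
    nonce: int        # 106-B: random 32-bit whole number
    obj_hash: str     # 106-C: hash of this event object, bound to the nonce
    timestamp: int    # 106-D
    event_info: dict  # 108-A: the recorded event, here an NFT record


def compute_hash(prev_hash, nonce, timestamp, event_info):
    """SHA-256 over a canonical JSON encoding of every field except the hash itself."""
    body = json.dumps([prev_hash, nonce, timestamp, event_info],
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append_event(ledger, event_info, timestamp):
    """Link a new event object to the ledger tail and return its address (list index)."""
    prev_hash = ledger[-1].obj_hash if ledger else GENESIS_PREV_HASH
    nonce = secrets.randbits(32)
    digest = compute_hash(prev_hash, nonce, timestamp, event_info)
    ledger.append(EventObject(prev_hash, nonce, digest, timestamp, event_info))
    return len(ledger) - 1


def first_invalid(ledger):
    """Return the index of the first event object that fails verification, or None."""
    expected_prev = GENESIS_PREV_HASH
    for index, obj in enumerate(ledger):
        recomputed = compute_hash(obj.prev_hash, obj.nonce, obj.timestamp, obj.event_info)
        if obj.prev_hash != expected_prev or obj.obj_hash != recomputed:
            return index
        expected_prev = obj.obj_hash
    return None


def node_accepts(ledger, address, token_id, owner):
    """One node's vote: its copy is intact and records this token for this owner."""
    if first_invalid(ledger) is not None or not 0 <= address < len(ledger):
        return False
    nft = ledger[address].event_info
    return (nft.get("token", {}).get("token_id") == token_id
            and nft.get("relationship", {}).get("owner") == owner)


def consensus_verifies(node_ledgers, address, token_id, owner):
    """Assumed rule: the presented NFT is verified when a strict majority of nodes accept."""
    votes = sum(node_accepts(copy, address, token_id, owner) for copy in node_ledgers)
    return votes * 2 > len(node_ledgers)


def alter_event(ledger, address, new_info, rehash=False):
    """Test helper: overwrite recorded event information in one node's copy."""
    obj = replace(ledger[address], event_info=new_info)
    if rehash:  # make the altered object self-consistent; its successors still are not
        obj = replace(obj, obj_hash=compute_hash(obj.prev_hash, obj.nonce,
                                                 obj.timestamp, new_info))
    ledger[address] = obj


def build_demo():
    """Constructed sample data: a three-object ledger whose second object holds an NFT."""
    ledger = []
    append_event(ledger, {"note": "constructed first event"}, 1700000000)
    nft = {
        "relationship": {"owner": "user-O1", "storage_provider": "SP1"},
        "token": {"token_id": "NFT-0001"},
        "metadata": {"file_location": "off-chain://example.invalid/resource.bin",
                     "file_descriptor": "constructed sample resource"},
        "licensing": {"transferable": False},
    }
    address = append_event(ledger, nft, 1700000060)
    append_event(ledger, {"note": "constructed later event"}, 1700000120)
    return ledger, address


if __name__ == "__main__":
    ledger, address = build_demo()
    nodes = [list(ledger) for _ in range(3)]          # three nodes, one copy each
    print("intact:", first_invalid(ledger), consensus_verifies(nodes, address, "NFT-0001", "user-O1"))
    alter_event(nodes[0], address, {"relationship": {"owner": "user-X1"},
                                    "token": {"token_id": "NFT-0001"}}, rehash=True)
    print("altered copy fails at index:", first_invalid(nodes[0]))
    print("majority still verifies:", consensus_verifies(nodes, address, "NFT-0001", "user-O1"))
```

Altering one copy without recomputing its hash fails verification at the altered object; recomputing that hash only moves the failure to the next object, whose stored previous-object hash no longer matches.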

FIG. 4 illustrates an exemplary NFT 206 as a multi-layered documentation of a resource 204, in accordance with an embodiment of an invention. As shown in FIG. 4, the NFT 206 may include at least a relationship layer 210, a token layer 220, a metadata layer 230, and, when applicable, a licensing layer 240. The relationship layer 210 may include ownership information 212, including a map of various users that are associated with the resource and/or the NFT 206, and their relationship to one another. For example, if the NFT 206 is purchased by buyer B1 from a seller S1, the relationship between B1 and S1 as a buyer-seller is recorded in the relationship layer 210. In another example, if the NFT 206 is owned by O1 and the resource itself is stored in a storage facility by storage provider SP1, then the relationship between O1 and SP1 as owner-file storage provider is recorded in the relationship layer 210. The token layer 220 may include a token identification number 222 that is used to identify the NFT 206. The metadata layer 230 may include at least a file location 232 and a file descriptor 234. The file location 232 provides information associated with the specific location of the resource 204. Depending on the conditions listed in the smart contract underlying the distributed ledger 104, the resource 204 may be stored on-chain, i.e., directly on the distributed ledger 104 along with the NFT 206, or off-chain, i.e., in an external storage location. The file location 232 identifies where the resource 204 is stored. The file descriptor 234 includes specific information associated with the source itself. For example, the file descriptor 234 may include information about the supply, authenticity, lineage, provenance of the resource 204. The licensing layer 240 may include any transferability parameters 242 associated with the NFT 206, such as restrictions and licensing rules associated with purchase, sale, and any other types of transfer of the resource 204 and/or the NFT 206 from one person to another. Those skilled in the art will appreciate that various additional layers and combinations of layers can be configured as needed without departing from the scope and spirit of the invention.

As shown in FIG. 5, an exemplary machine learning subsystem architecture 300 is depicted in accordance with embodiments of the present invention. The machine learning subsystem 300 includes a data acquisition engine 302, data ingestion engine 310, data pre-processing engine 316, Machine learning (ML) model tuning engine 322, and inference engine 336.

The data acquisition engine 302 identifies various internal and/or external data sources to generate, test, and/or integrate new features for training the machine learning model 324. These internal and/or external data sources 304, 306, and 308 may be initial locations where the data originates or where physical information is first digitized. The data acquisition engine 302 may identify the location of the data and describe connection characteristics for access and retrieval of data. In some embodiments, data is transported from each data source 304, 306, or 308 using any applicable network protocols, such as the File Transfer Protocol (FTP), Hyper-Text Transfer Protocol (HTTP), or any of the myriad Application Programming Interfaces (APIs) provided by websites, networked applications, and other services. The data acquired by the data acquisition engine 302 from these data sources 304, 306, and 308 is then transported to the data ingestion engine 310 for further pre-processing.

In machine learning, the quality of data and the useful information that can be derived therefrom directly affects the ability of the machine learning model 324 to learn. The data pre-processing engine 316 may implement advanced integration and processing steps needed to prepare the data for machine learning execution. This may include modules to perform any upfront data transformation to consolidate the data into alternate forms by changing the value, structure, or format of the data using generalization, normalization, attribute selection, and aggregation; data cleaning by filling missing values, smoothing the noisy data, resolving the inconsistency, and removing outliers; and/or any other encoding steps as needed.

In addition to improving the quality of the data, the data pre-processing engine 316 may implement feature extraction and/or selection techniques to generate training data 318. Feature extraction and/or selection is a process of dimensionality reduction by which an initial set of data is reduced to more manageable groups for processing. A characteristic of these large data sets is a large number of variables that require a high volume of computing resources to process. Feature extraction and/or selection may be used to select and/or combine variables into features, effectively reducing the amount of data that must be processed, while still accurately and completely describing the original data set.

Depending on the type of machine learning algorithm being used, the training data 318 may require further enrichment. For example, in supervised learning, the training data 318 is enriched using one or more meaningful and informative labels to provide context so a machine learning model can learn from it. For example, in specific examples, labels might indicate whether a photo contains a bird or car, which words were uttered in an audio recording, or if an x-ray contains a tumor. Data labeling is required for a variety of use cases including computer vision, natural language processing, and speech recognition. In contrast, unsupervised learning uses unlabeled data to find patterns in the data, such as inferences or clustering of data points.

The ML model tuning engine 322 may be used to train a machine learning model 324 using the training data 318 to make predictions or decisions without explicitly being programmed to do so. The machine learning model 324 represents what was learned by the selected machine learning algorithm(s) 320 and represents the rules, numbers, and any other algorithm-specific data structures required for classification. Selecting the right machine learning algorithm 320 depends on a number of different factors, such as, but not limited to, the problem statement and the kind of output needed; type and size of the data; the available computational time; number of features and observations in the data; and/or the like. Machine learning algorithms 320 may refer to programs (math and logic) that are configured to self-adjust and perform better in response to being exposed to more data. To this extent, machine learning algorithms 320 are capable of adjusting their own parameters, given feedback on previous performance in making predictions about a dataset.

The machine learning algorithms 320 contemplated, described, and/or used herein include supervised learning (e.g., using logistic regression, using back propagation neural networks, using random forests, decision trees, or the like), unsupervised learning (e.g., using an Apriori algorithm, using K-means clustering or the like), semi-supervised learning, reinforcement learning (e.g., using a Q-learning algorithm, using temporal difference learning), and/or any other suitable machine learning model type. Each of these types of machine learning algorithms 320 can implement any of one or more of a regression algorithm (e.g., ordinary least squares, logistic regression, stepwise regression, multivariate adaptive regression splines, locally estimated scatterplot smoothing, or the like), an instance-based method (e.g., k-nearest neighbor, learning vector quantization, self-organizing map, or the like), a regularization method (e.g., ridge regression, least absolute shrinkage and selection operator, elastic net, or the like), a decision tree learning method (e.g., classification and regression tree, iterative dichotomiser 3, C4.5, chi-squared automatic interaction detection, decision stump, random forest, multivariate adaptive regression splines, gradient boosting machines, or the like), a Bayesian method (e.g., naïve Bayes, averaged one-dependence estimators, Bayesian belief network, or the like), a kernel method (e.g., a support vector machine, a radial basis function, or the like), a clustering method (e.g., k-means clustering, expectation maximization, or the like), an associated rule learning algorithm (e.g., an Apriori algorithm, an Eclat algorithm, or the like), an artificial neural network model (e.g., a Perceptron method, a back-propagation method, a Hopfield network method, a self-organizing map method, a learning vector quantization method, or the like), a deep learning algorithm (e.g., a restricted Boltzmann machine, a deep belief network method, a convolution network method, a stacked auto-encoder method, or the like), a dimensionality reduction method (e.g., principal component analysis, partial least squares regression, Sammon mapping, multidimensional scaling, projection pursuit, or the like), an ensemble method (e.g., boosting, bootstrapped aggregation, AdaBoost, stacked generalization, gradient boosting machine method, random forest method, or the like), and/or the like.

To tune the machine learning model 324, the ML model tuning engine 322 may repeatedly execute cycles of experimentation/initialization 326, testing 328, and calibration 330 to optimize the performance of the machine learning algorithm 320 and refine the results in preparation for deployment of those results for consumption or decision making. To this end, the ML model tuning engine 322 may dynamically vary hyperparameters each iteration (e.g., number of trees in a tree-based algorithm or the value of alpha in a linear algorithm), run the algorithm on the data again, then compare the performance on a validation set to determine which set of hyperparameters results in the most accurate model. The accuracy of the ML model 324 is the measurement used to determine which set of hyperparameters is best at identifying relationships and patterns between variables in a dataset based on the input, or training data 318. A fully trained machine learning model 332 is one whose hyperparameters are tuned and model accuracy maximized.

The trained machine learning model 332, similar to any other software application output, can be persisted to storage, file, memory, or application, or looped back into the processing component to be reprocessed. More often, the trained machine learning model 332 is deployed into an existing production environment to make practical decisions based on live data 334, in this instance received emails. To this end, the machine learning subsystem 300 uses the inference engine 336 to make such decisions. The type of decision-making may depend upon the type of machine learning algorithm used. For example, trained machine learning models 332 trained using supervised learning algorithms may be used to structure computations in terms of categorized outputs (e.g., C_1, C_2 . . . C_n 338) or observations based on defined classifications, represent possible solutions to a decision based on certain conditions, model complex relationships between inputs and outputs to find patterns in data or capture a statistical structure among variables with unknown relationships, and/or the like. On the other hand, trained machine learning models 332 trained using unsupervised learning algorithms may be used to group (e.g., C_1, C_2 . . . C_n 338) live data 334 based on how similar they are to one another to solve exploratory challenges where little is known about the data, provide a description or label (e.g., C_1, C_2 . . . C_n 338) to live data 334, such as in classification, and/or the like. These categorized outputs, groups (clusters), or labels are then presented as output/results 340.

It will be understood that the embodiment of the machine learning subsystem 300 illustrated in FIG. 5 is exemplary and that other embodiments may vary. As another example, in some embodiments, the machine learning subsystem 300 may include more, fewer, or different components.

Referring to FIG. 1, a schematic diagram is presented of an exemplary system 100 for AI detection of malware threats based on behaviors of the computing system in the presence of malware software, in accordance with embodiments of the present invention. As depicted, the system 100 includes a first computing platform 200 and a second computer platform 300. However, one of ordinary skill in the art will appreciate that the functionality described herein as being performed within first computing platform 200 may be performed within second computing platform 300 or additional computing platforms and/or the functionality described herein as being performed within second computing platform 300 may be performed within first computing platform 200 or additional computing platforms. As such, the system 100 may include one solitary computing platform, or, in other embodiments, computing platforms in addition to first computing platform 200 and second computing platform 300.

First computing platform 200 includes a first memory 202 and one or more first processing devices 204 in communication with the first memory 202. The first memory stores instructions 210 that are executable by the first processing device(s) 204. The first instructions are configured to determine/observe one or more behaviors 230 of a computing system 400 while it is in the presence of malware software 220, which, in specific embodiments of the invention, may be ransomware software. The computing system 400, which may comprise one or multiple computing devices, is part of computing network 110, which typically comprises multiple other computing systems. As used herein, “behaviors” refers to any computing system event/activity or computing system configuration that occurs in the presence of malware/ransomware software (i.e., after the malware has penetrated the perimeter of the computing system). In those embodiments of the method, in which the malware software 220 is ransomware software, the behaviors 220 may be any computing system event or configuration that occurs prior to encryption of files. In specific embodiments of the system, the behaviors 220 are determined/observed via implementation of AI and, specifically, ML techniques.

The instructions 210 are further configured to train, over time, one or more AI algorithms 250 to monitor 260 for the determined behaviors 230. Further, the instructions are configured to train, over time, the AI algorithm(s) to determine one or more actions 270 to take specific to the determined behaviors 230 in response to behavior detection 230 and determining that an acceptable baseline level 290 has been exceeded for the behavior 230 and initiate the occurrence of the one or more actions 270. The actions 270 are taken to mitigate (limit further propagation of the malware beyond the computing system) or prevent (stop the malware from detonating within the computing system) the threat posed by the malware/ransomware software. The acceptable baseline level 290 is the normal amount that the computing system experiences absent the presence of the malware software 220 and/or the normal configuration of the system 400 absent the malware software 220. The acceptable baseline levels 290 for each behavior may be predetermined or may dynamically change based on known threats or changes in utilization of the computing system and/or network. The actions that occur may include, but are not limited to, initiating communication of alerts, isolating the computing system (i.e., one or more computing devices) from the network, reconfiguring the computing system, shutting down the computing system and the like.

System 100 additionally includes second computing platform 300 having a second memory 302 and one or more second processing devices 304 in communication with the second memory 302. The second memory 302 stores trained AI algorithms 250, which are executable by the second processing device(s) 304. The AI algorithm(s) 250 are configured to monitor 260 for the occurrence of the one or more behaviors 230 within computing system 400. The AI algorithms 250 are further configured to implement AI/ML to determine one or more actions 270 in response to behavior detection 280 and determining that an acceptable baseline level 290 has been exceeded for the behavior 230 and initiate the occurrence of the one or more actions 270.

Referring to FIG. 2, a block diagram is depicted of first computing platform 200, in accordance with embodiments of the present invention. In addition to providing greater detail, FIG. 2 highlights various alternate embodiments of the system 200. First computing platform 200 comprises one or more computing devices/apparatus, such as application server(s), storage servers or the like configured to execute software programs, including instructions, engines, algorithms, modules, routines, applications, tools, and the like. First computing platform 200 includes first memory 202, which may comprise volatile and non-volatile memory, such as read-only and/or random-access memory (RAM and ROM), EPROM, EEPROM, flash cards, or any memory common to computer platforms. Moreover, first memory 202 may comprise cloud storage, such as provided by a cloud storage service and/or a cloud connection service.

Further, first computing platform 200 also includes first processing device(s) 204, which may be an application-specific integrated circuit (“ASIC”), or other chipset, logic circuit, or other data processing device. First processing device 204 may execute an application programming interface (“API”) 206 that interfaces with any resident programs, such as instructions 210 and sub-engines/routines associated therewith or the like stored in the first memory 202 of the first computing platform 200.

First processing device 204 may include various processing subsystems (not shown in FIG. 2) embodied in hardware, firmware, software, and combinations thereof, that enable the functionality of first computing platform 200 and the operability of first computing platform 200 on a distributed communication network. For example, processing subsystems allow for initiating and maintaining communications and exchanging data with other networked devices. For the disclosed aspects, processing subsystems of first processing device 204 may include any subsystem used in conjunction with instructions 210 and related sub-engines/routines, algorithms, sub-algorithms, modules, sub-modules thereof.

First computing platform 200 additionally includes a communications module (not shown in FIG. 2) embodied in hardware, firmware, software, and combinations thereof, that enables electronic communications between first computing platform 200 and other networks and/or networked devices, such as second computing platform 300 and computing system 400. Thus, the communication module may include the requisite hardware, firmware, software and/or combinations thereof for establishing and maintaining a network communication connection with one or more systems, platforms, networks, or the like.

As previously discussed in relation to FIG. 1, first memory 202 of computing platform 200 stores instructions 210 that are configured to observe/determine one or more behaviors 230 within a computing system 400 that occur in the presence of malware software 220 and, in specific embodiments of the invention, ransomware software 222. The behaviors 230 may be any computing system event or computing system configuration that occurs in the presence of malware/ransomware software 220, 222 (i.e., after the malware/ransomware 220, 222 has penetrated the periphery of the computing system 400). In those embodiments of the system in which the malware 220 is ransomware 222, the behaviors may be any computing system event or configuration that occurs prior to encryption of files.

In specific embodiments of the method, the behaviors are determined/observed via implementation of AI and, specifically, ML techniques 221. In further specific embodiments of the method, the behaviors are determined/observed as a result of an actual malware attack occurring at the computing system 400, while in other embodiments of the method, the behaviors may be determined/observed based on a simulated malware attack occurring within a test computing system environment or the like.

The behaviors 230 that are determined/observed may include, but are not limited to, (i) specific disk input/output calls 231, (ii) memory utilization 232, (iii) processing unit (i.e., central and/or graphical) utilization 233, (iv) files accessed 234, (v) types/volume of calls made to operating system 235, (vi) ports and protocols 236 used for calls, (vii) attempts to escalate access privileges 237 and other behaviors (i.e., other computing system events and/or computing system configurations).

In specific embodiments of the system, the behaviors 230 that are observed/determined, typically via implementation of AI/ML 212, are patterns of behaviors 230-1. A pattern of behaviors 230-1 as used herein comprises two or more behaviors 230 that occur either in parallel or in sequence. In addition, the pattern of behaviors may have additional parameters that define requirements for detecting the pattern, such as timing requirements, order of behaviors and the like.

In other embodiments of the system, the behaviors are analyzed, using ML techniques, to determine the impact from changes to the computing system on the behaviors. The changes may include, but are not limited to, (i) hardware and/or software configuration within the computing system, (ii) service packs installed on the computing system, (iii) operating system revisions and the like.

In response to determining/observing the behaviors 230, the instructions 210 are configured to train 240 one or more AI algorithm(s) 250 to (i) monitor 260 for the occurrence of the behaviors 230 or patterns of behaviors 230-1, and (ii) in response to detecting the occurrence of the behavior 230 or pattern of behaviors 230-1 and determining that the occurrence exceeds an acceptable baseline level 280 for the behavior 230 or pattern of behaviors 230-1, determine one or more actions 290 specific to the behaviors and the amount by which the baseline level 280 is exceeded and initiate the occurrence of the one or more actions 290 to mitigate (limit further propagation of the malware beyond the computing system) or prevent (stop the malware from detonating within the computing system) the threat posed by the malware/ransomware software. Acceptable baseline levels 280 may be predetermined for the computing system 400 or may be dynamically assigned based on current malware threat levels or current utilization of the computing system/network.

The actions 290 that occur may include, but are not limited to, initiating communication of alerts, isolating the computing system from the network, reconfiguring the computing system, shutting down the computing system and the like. In specific embodiments of the invention, the instructions 210 may be configured for action determination 292, in which the actions 290 are determined based on action rules 294 applicable to the behaviors 230. Specifically, the action rules 294 may dictate which actions 290 occur based on the behavior 230 or pattern of behaviors 230-1 observed and, in some embodiments, attributes of the behavior 230, e.g., timing of the behavior 230, volume of the behavior 230, type of behavior 230, timing between behaviors 230 in a pattern of behaviors 230-1, sequence of behaviors 230 in a pattern of behavior 230-1 or the like.

In other embodiments of the system 100, the AI algorithms 250 are additionally trained with malware indications 222, including known/existing indicators 224 (e.g., digital signatures) or future known/new emerging indicators 226 (i.e., industry identified indicators), which indicate the presence of malware. In such embodiments of the system, the action(s) 290 may be initiated in response to detection of behavior(s) 230 and one or more indicators 222.

Referring to FIG. 3, a flow diagram is depicted of a method 400 for AI detection and prevention of malware threats based on behaviors of the computing system in the presence of malware software, in accordance with embodiments of the present invention. In specific embodiments the method 400 is operating system-agnostic, meaning that it can be implemented on a computing system executing any known or future known operating system. At Event 410, one or more behaviors are observed/determined within a computing system that occur in the presence of malware software and, in specific embodiments of the invention, ransomware software. The behaviors may be any computing system event or computing system configuration that occurs in the presence of malware/ransomware software (i.e., after the malware has penetrated the periphery of the computing system). In those embodiments of the method in which the malware is ransomware, the behaviors may be any computing system event or configuration that occurs prior to encryption of files.

In specific embodiments of the method, the behaviors are determined/observed via implementation of AI and, specifically, ML techniques. In further specific embodiments of the method, the behaviors are determined/observed as a result of an actual malware attack occurring at the computing system, while in other embodiments of the method, the behaviors may be determined/observed based on a simulated malware attack occurring within a test computing system environment or the like.

The behaviors that are determined/observed may include, but are not limited to, (i) specific disk input/output calls, (ii) memory utilization, (iii) processing unit (i.e., central and/or graphical) utilization, (iv) files accessed, (v) types of calls made to operating system, (vi) ports and protocols used for calls, (vii) attempts to escalate access privileges and the like.

In specific embodiments of the method, the behaviors that are observed/determined, typically via implementation of AI/ML, are patterns of behaviors. A pattern of behavior as used herein comprises two or more behaviors that occur either in parallel or in sequence. In addition, the pattern of behaviors may have additional parameters that define requirements for detecting the pattern, such as timing requirements, order of behaviors and the like.

In other embodiments of the method, the behaviors are analyzed, using ML techniques, to determine the impact from changes to the computing system on the behaviors. The changes may include, but are not limited to, (i) hardware and/or software configuration within the computing system, (ii) service packs installed on the computing system, (iii) operating system revisions and the like.

In response to determining/observing the behaviors, at Event 420, AI algorithm(s) are trained, over time, to (i) monitor for the occurrence of the behaviors or patterns of behaviors, and (ii) in response to detecting the occurrence of the behavior or pattern of behaviors and determining that the occurrence exceeds an acceptable baseline level for the behavior, initiate one or more actions to mitigate (limit further propagation of the malware beyond the computing system) or prevent (stop the malware from detonating within the computing system) the threat posed by the malware/ransomware software. Acceptable baseline levels may be predetermined for the computing system.

The actions that occur may include, but are not limited to, initiating communication of alerts, isolating the computing system from the network, reconfiguring the computing system, shutting down the computing system and the like. In specific embodiments of the invention, the actions may be determined based on rules applicable to the behaviors. Specifically, the rules may dictate which actions occur based on the behavior or pattern of behaviors observed and, in some embodiments, attributes of the behavior, e.g., timing of the behavior, volume of the behavior, type of behavior, timing between behaviors in a pattern of behaviors, sequence of behaviors in a pattern of behavior or the like.

In other embodiments of the invention, the AI algorithms are additionally trained with existing indicators (e.g., digital signatures) or new emerging indicators (i.e., industry identified indicators), which indicate the presence of malware. In such embodiments of the method, the action(s) may be initiated in response to detection of behavior(s) and one or more indicators.

Once trained, at Event 430, the AI algorithm(s) are executed and monitoring for the occurrence of behaviors or patterns of behaviors commences. At Event 440, in response to detecting the occurrence of the behavior or pattern of behaviors and determining that the occurrence exceeds an acceptable baseline level for the behavior, one or more actions are initiated to mitigate or prevent the threat posed by the malware/ransomware software.
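The monitoring step described for both the system (behaviors 230, baseline levels 280, action rules 294) and the method (Events 430 and 440) can be sketched as follows; this is an added example, not code from the patent. The behavior names, baseline values, rule thresholds and the sample telemetry are all constructed assumptions, and a fixed rule table stands in for the trained AI algorithm(s).

```python
from dataclasses import dataclass

# Constructed telemetry: (timestamp_seconds, behavior, measured_value).
SAMPLE_EVENTS = [
    (0.0, "files_accessed", 40),
    (2.0, "privilege_escalation_attempts", 1),
    (5.0, "disk_io_calls", 900),
    (9.0, "files_accessed", 1200),
    (60.0, "disk_io_calls", 150),
]

# Assumed acceptable baseline level per behavior, per observation.
BASELINES = {"disk_io_calls": 300, "files_accessed": 200,
             "privilege_escalation_attempts": 0}

# Assumed action rules for a single behavior: (minimum excess ratio, action),
# most severe first, so the action depends on how far the baseline is exceeded.
ACTION_RULES = [(4.0, "isolate_from_network"), (0.0, "alert")]
SEVERITY = ["alert", "isolate_from_network", "shut_down"]


@dataclass(frozen=True)
class Pattern:
    name: str
    sequence: tuple   # behaviors that must exceed baseline, in this order
    window: float     # timing requirement: max seconds from first to last
    action: str


# Assumed pattern of behaviors with an order and a timing requirement.
PATTERNS = [Pattern("escalate_then_bulk_file_io",
                    ("privilege_escalation_attempts", "disk_io_calls",
                     "files_accessed"),
                    window=10.0, action="shut_down")]


def exceedances(events, baselines=BASELINES):
    """Return (timestamp, behavior, excess_ratio) for observations above baseline."""
    out = []
    for ts, name, value in sorted(events):
        base = baselines.get(name)
        if base is None or value <= base:
            continue
        # With a zero baseline any occurrence is an excess; use the raw value.
        ratio = (value - base) / base if base else float(value)
        out.append((ts, name, ratio))
    return out


def match_pattern(exc, pattern):
    """Find the pattern's behaviors in order, all inside the time window."""
    for i, (start_ts, name, _) in enumerate(exc):
        if name != pattern.sequence[0]:
            continue
        step = 1
        for ts, later_name, _ in exc[i + 1:]:
            if ts - start_ts > pattern.window:
                break
            if step < len(pattern.sequence) and later_name == pattern.sequence[step]:
                step += 1
        if step == len(pattern.sequence):
            return True
    return False


def decide(events, baselines=BASELINES, patterns=PATTERNS):
    """Return (actions ordered by severity, names of matched patterns)."""
    exc = exceedances(events, baselines)
    actions = set()
    for _, _, ratio in exc:
        for threshold, action in ACTION_RULES:
            if ratio >= threshold:
                actions.add(action)
                break
    hits = [p for p in patterns if match_pattern(exc, p)]
    actions.update(p.action for p in hits)
    return sorted(actions, key=SEVERITY.index), [p.name for p in hits]


if __name__ == "__main__":
    print(decide(SAMPLE_EVENTS))
```

The same three behaviors in a different order, or spread beyond the window, still trigger the per-behavior rules but not the pattern action.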

Referring to FIG. 6, a schematic/block diagram is presented of a system 400 for authorizing a resource exchange event in a virtual environment, in accordance with embodiments of the present invention. The system includes a distributed trust computing network 100 having a plurality of decentralized nodes 102. Each node 102 has a memory (not shown in FIG. 6) and one or more processing devices (not shown in FIG. 6) in communication with the memory. The memory of the decentralized nodes 102 stores one or more distributed ledgers 104, with each distributed ledger including a series of data blocks (not shown in FIG. 6). In response to a virtual object (e.g., avatar or the like) associated with a user initiating a virtual resource exchange event 510 within a virtual environment 500 (e.g., a metaverse or the like), the distributed computing network 100 receives, via distributed communication network 310, a Non-Fungible Token (NFT) 520 that is associated with the user. In response, a plurality of the decentralized nodes 102 are configured to validate the NFT 520 (i.e., authenticate the user) and, in response, store a data block associated with the resource exchange event 510 within one of the distributed ledgers 104.

System 400 additionally includes first computing platform 600 that includes a memory 602 and one or more processing devices 604 in communication with memory 602. Memory 602 stores virtual resource exchange event authorizer tool 610 that is executable by at least one of the processing device(s) 604. The authorizer tool 610 is configured to implement one or more Machine Learning (ML) algorithms to learn one or more user behavior patterns 630 that indicate a pattern of behavior exhibited by the user when conducting, at least, prior virtual resource exchange events 640. In this regard, the ML algorithms 620 provide for generating one or more trained ML models (not shown in FIG. 6) that are configured to detect an occurrence of user behavior patterns 630.

In response to receiving data 512 associated with the virtual resource exchange event 510 being initiated by the virtual object, authorizer tool 610 is configured to apply the one or more user behavior patterns 622 to the data 512 associated with the virtual resource exchange event 622 to determine whether the virtual resource exchange event 510 is authentic/legitimate (i.e., being initiated by the user). In specific embodiments of the system, the data 512 is received from the distributed trust computing network 100, via the distributed communication network 310, in response to validation of the NFT 520. In specific embodiments of the system 400, application of the user behavior patterns 622 to the data 512 entails executing the trained ML models to determine whether the virtual resource exchange event 510 is authentic/legitimate.

In response to (i) the distributed trust computing network 100 validating the NFT 520, and (ii) authentication 660 of the virtual resource exchange event 510, authorizer tool 610 is configured to authorize 680 processing of the virtual resource exchange event 510 (i.e., authorize initiation of a payment process for completing a payment transaction or the like).

Referring to FIG. 7, a block diagram is presented of first computing platform 600 configured for virtual resource exchange event authorization, in accordance with embodiments of the present invention. In addition to providing greater details of the first computing platform 600 and authorizer tool 610, FIG. 7 highlights various alternate embodiments of the invention. First computing platform 600 may comprise one or multiple devices, such as servers, storage devices and the like that are in wired and/or wireless communication with one another. First computing platform 600 includes memory 602, which may comprise volatile and non-volatile memory, such as read-only and/or random-access memory (RAM and ROM), EPROM, EEPROM, flash cards, or any memory common to computing platforms. Moreover, memory 602 may comprise cloud storage, such as provided by a cloud storage service and/or a cloud connection service.

Further, first computing platform 600 also includes one or more processing devices 604, which may be an application-specific integrated circuit (“ASIC”), or other chipset, logic circuit, or other data processing device. Processing device(s) 604 may execute one or more application programming interfaces (APIs) 606 that interface with any resident programs, such as virtual resource exchange event authorizer tool 610 or the like, stored in memory 610 of first computing platform 600 and any external programs. Processing device(s) 604 may include various processing subsystems (not shown in FIG. 7) embodied in hardware, firmware, software, and combinations thereof, that enable the functionality of first computing platform 600 and the operability of first computing platform 600 on a distributed communications network 310 (shown in FIG. 6), such as the Internet, intranet(s), cellular network(s) and the like. For example, processing subsystems allow for initiating and maintaining communications and exchanging data with other networked devices. For the disclosed aspects, processing subsystems of first computing platform 600 may include any subsystem used in conjunction with virtual resource exchange event authorizer tool 610 and related tools, routines, sub-routines, algorithms, sub-algorithms, sub-modules thereof.

In specific embodiments of the present invention, first computing platform 600 additionally includes a communications module (not shown in FIG. 7) embodied in hardware, firmware, software, and combinations thereof, that enables electronic communications between the first computing platform 600 and other networks and network devices, such as user devices experiencing the virtual environment 500, the distributed trust computing network 100 and the like. Thus, the communication module may include the requisite hardware, firmware, software and/or combinations thereof for establishing and maintaining a network communication connection with one or more devices and/or networks.

Memory 602 of first computing network 600 stores virtual resource exchange event authorizer tool 610, which is configured to implement one or more Machine Learning (ML) algorithms to learn one or more user behavior patterns 630 that indicate a pattern of behavior exhibited by the user when conducting, at least, prior virtual resource exchange events 640. The user behavior patterns 630 may be based on, but are not limited to, (i) metaverses 641 or areas of the virtual environment 642 in which prior virtual resource exchange events occurred, (ii) virtual resources exchange providers 642 at which the user conducted prior virtual resource exchange events 640, (iii) amounts 643 of prior virtual resource exchange events 640, (iv) times 644 of day, week, month or the like at which the prior virtual resource exchange events 640 were conducted, (v) items/services 645 acquired by the user in prior virtual resource exchange events 640, (vi) geographic location of the user when the prior virtual resource exchange events 640 were conducted, and the like. In such embodiments of the invention, weighting schemes may be implemented, such that certain bases for the user behavior patterns are given more or less weight in the determination of a user behavior pattern 630.

In specific embodiments of the invention, user behavior patterns 630 indicate a pattern of behavior exhibited by the user when conducting not only prior virtual resource exchange events 640, but also prior non-virtual (e.g., physical location or online) resource exchange events 650. In this regard, the ML algorithms 620 provide for generating one or more ML models (not shown in FIG. 7) that are trained on data from prior virtual and non-virtual resource exchange events 640, 650. In such embodiments of the invention, weighting schemes may be implemented such that the prior virtual resource exchange events are weighted more heavily in the determination of user behavior patterns 630. In such embodiments of the invention, the user behavior patterns 630 may be further based on, but are not limited to, (i) non-virtual resources exchange providers 651 at which the user conducted prior non-virtual resource exchange events 650, (iii) amounts 652 of prior non-virtual resource exchange events 650, (iv) times 653 of day, week, month or the like at which the prior non-virtual resource exchange events 650 were conducted, (v) items/services 654 acquired by the user in prior non-virtual resource exchange events 650, (vi) geographic location of the user when the prior non-virtual resource exchange events 650 were conducted, and the like.

In response to receiving data 512 associated with the virtual resource exchange event 510 being initiated by the virtual object, authorizer tool 610 is configured to apply the one or more user behavior patterns 622 to the data 512 associated with the virtual resource exchange event 622 to determine whether the virtual resource exchange event 510 is authentic/legitimate (i.e., being initiated by the user). In specific embodiments of the system, the data 512 is received from the distributed trust computing network 100, via the distributed communication network 310, in response to validation of the NFT 520. In specific embodiments of the system 400, application of the user behavior patterns 622 to the data 512 entails executing the trained ML models to determine whether the virtual resource exchange event 510 is authentic/legitimate.

In alternate embodiments of the invention, a second computing platform (not shown in FIG. 7) may be implemented, which includes a memory and one or more processing devices in communication with the memory. The memory stores a resource exchange event user behavior pattern detection tool that is executable by at least one of the processing device(s) and is configured to implement ML algorithms to learn one or more second user behavior patterns. The second user behavior patterns each indicate a pattern of behavior of the user in conducting prior non-virtual (e.g., physical location or online) resource exchange events. In this regard, separate user behavior patterns may be identified for the virtual resource exchange events 640 and the non-virtual resource exchange events 650. In such embodiments of the invention, virtual resource exchange event authorizer tool 610 is configured to apply the one or more user behavior patterns 622 and the one or more second user behavior patterns to the data 512 associated with the virtual resource exchange event 622 to determine whether the virtual resource exchange event 510 is authentic/legitimate (i.e., being initiated by the user).

In alternate embodiments of the invention, a second computing platform (not shown in FIG. 7) may be implemented, which includes a memory and one or more processing devices in communication with the memory. The memory stores a token generator tool that is configured to generate a virtual object authenticator token 532 that associates the user with a virtual object identifier that identifies the virtual object 530 being used by the user. The user's identity may be verified based on the verification of the NFT 520 at the distributed trust computing network 100 or via user input of requisite identification credentials. The token generator tool may be configured to generate the token 532 on a per user virtual environment session basis, as the user may choose to associate with different virtual objects (e.g., avatars) on a session-by-session basis. In such embodiments of the invention, virtual resource exchange event authorizer tool 610 is configured to receive or access the virtual object authentication token 532 to authenticate 670 the virtual object 530.

In response to (i) the distributed trust computing network 100 validating the NFT 520, and (ii) authentication 660 of the virtual resource exchange event 510 and, in specific embodiments, (iii) authentication 670 of the virtual object 530, authorizer tool 610 is configured to authorize 680 processing of the virtual resource exchange event 510 (i.e., authorize initiation of a payment process for completing a payment transaction or the like).

In specific embodiments of the invention, in response to failing to authorize 680 processing of the virtual resource exchange event 510, authorizer tool 610 is configured to generate and initiate communication of an alert 690 to one or more predetermined entities. The alert 690 notifies the entities of the failure to authorize 680 and, in response, the entities may take action to rectify the failure to authorize (e.g., personally contact the user to verify user identity and/or the virtual resource exchange event).

In other specific embodiments of the invention, the authorizer tool 610 is configured to generate and initiate communication of user behavior pattern reports 692 to one or more predetermined entities. The user behavior reports 692 indicate the basis for user behavior patterns 630. Additionally, the authorizer tool 610 may be configured to generate and initiate communication of other reports, such as reports that indicate the failures in authorizing 680 processing of the virtual resource exchange event 510 and the rationale for making such determinations.

Referring to FIG. 8, a flow/schematic diagram is presented of a methodology 700 for authorizing a virtual resource exchange event 510, in accordance with embodiments of the present invention. A virtual resource exchange event is initiated within a virtual environment 500 and, in response, an NFT is presented to a distributed trust computing network 100. Decentralized nodes of the distributed trust computing network converge on the NFT to validate the NFT. In response to validation of the NFT, at Event 830, a data block associated with the virtual resource exchange event is added to a distributed ledger of the distributed trust computing network and data/characteristics of the virtual resource exchange event are communicated to the trained machine learning models 650. The models 650 apply previously learned user behavior patterns 622 to the virtual resource exchange data 512 to make a decision 710 as to whether the virtual resource exchange event can be authorized or should be rejected. If authorized, communication is sent back to the virtual environment 500 to notify the user, via the associated virtual object/avatar, that the resource exchange event has been authorized. If rejected, an authorization rejection alert 690 is generated and communicated to one or more predetermined entities notifying the entity of the rejection so that the entity can determine whether further action to rectify (or confirm) the rejection is necessary. In addition, the decision 710 results are fed back to the machine learning models 650 so that further learning continues to occur as further virtual resource exchange events occur.

Referring to FIG. 9, a flow diagram is presented of a computer-implemented method 800 for authorizing a virtual resource exchange event 510, in accordance with embodiments of the present invention. In response to a virtual object (e.g., avatar) associated with a user initiating a virtual resource exchange event (e.g., virtual purchase transaction) in a virtual environment (e.g., a metaverse or the like), at Event 810, a Non-Fungible Token (NFT) associated with the user is received at a distributed trust computing network and, at Event 820, a plurality of the decentralized nodes of the distributed trust computing network validate the NFT. In this regard, the NFT serves as the user's resource exchange vehicle and validation serves to authenticate the user. In response to validation of the NFT, at Event 830, a data block associated with the virtual resource exchange event is added to a distributed ledger of the distributed trust computing network.

At Event 840, one or more Machine Learning (ML) algorithms are implemented to learn one or more user behavior patterns. Each user behavior pattern indicates a pattern of behavior of the user in conducting, at least, prior virtual resource exchange events. In specific embodiments of the invention, the user behavior patterns further indicate a pattern of behavior in conducting virtual and non-virtual resource exchange events. In other specific embodiments of the invention, first user behaviors are learned that indicate a pattern of behavior of the user in conducting prior virtual resource exchange events and second user behavior patterns are learned or otherwise determined that indicate a pattern of behavior of the user in conducting prior virtual resource exchange events. In specific embodiments of the method, the user behavior patterns are learned by implementing ML algorithm(s) to train one or more ML models. In further specific embodiments of the method, the bases for the user behavior patterns include one or more of, but are not limited to, (i) areas/metaverses where the prior virtual resource exchange events occurred, (ii) virtual and non-virtual resource exchange providers at which the prior resource exchange events occurred, (iii) amounts of the prior virtual or non-virtual resource exchange events, (iv) time of day, week, month or the like at which the prior resource exchange events occurred, (v) types of items/services exchanged in the prior resource exchange events, and (vi) geographic location of the user at the time the virtual or non-virtual resource exchange event occurred.

In response to receiving data/characteristics of the virtual resource exchange event being initiated, at Event 850, ML techniques are implemented (e.g., trained ML models are executed) to apply the user behavior patterns to the data associated with the virtual resource exchange event to determine whether the virtual resource exchange event is authentic/legitimate (i.e., actually being performed by the user as opposed to a wrongdoer). In additional specific embodiments of the method, a token that associates the virtual object to the user is generated and presented as a means of authenticating the virtual object.

In response to (i) validating the NFT at the distributed trust computing network, (ii) authenticating the virtual resource exchange event and, in specific embodiments of the method, (iii) authenticating the virtual object, at Event 860, the virtual resource exchange event is authorized for processing (i.e., payment is authorized to occur or the like). Alternatively, in response to failing to authenticate the virtual resource exchange event, an alert is generated and communicated to one or more entities that may be responsible for escalating the authorization process (i.e., contacting the user manually to authenticate the virtual resource exchange event or the like).
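The authorization gate described for authorizer tool 610 and for Events 840 through 860 can be illustrated as below; this is an added example, not the patent's implementation. A weighted-frequency profile stands in for the trained ML models, NFT validation is taken as a boolean result from the distributed trust network, and the HMAC-based avatar token, the weights, the threshold and the event history are constructed assumptions.

```python
import hashlib
import hmac
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    provider: str
    amount: float
    hour: int            # hour of day, 0-23
    item_type: str
    geo: str
    virtual: bool = True


# Assumed weighting scheme: virtual history counts more than non-virtual
# history, and some bases for the pattern count more than others.
SOURCE_WEIGHT = {True: 1.0, False: 0.5}
FEATURE_WEIGHT = {"provider": 0.25, "amount": 0.30, "hour": 0.15,
                  "item_type": 0.10, "geo": 0.20}
THRESHOLD = 0.6  # assumed minimum score for an event to count as authentic

# Constructed history of prior virtual and non-virtual events.
HISTORY = [
    Event("meta-mall", 20.0, 19, "skin", "US-NC"),
    Event("meta-mall", 25.0, 20, "skin", "US-NC"),
    Event("pixel-arcade", 15.0, 21, "game-pass", "US-NC"),
    Event("meta-mall", 30.0, 19, "skin", "US-NC"),
    Event("corner-grocer", 60.0, 12, "grocery", "US-NC", virtual=False),
    Event("corner-grocer", 50.0, 18, "grocery", "US-NC", virtual=False),
]


def learn_profile(history):
    """Build a weighted profile of the user's prior resource exchange events."""
    if not history:
        raise ValueError("no prior events to learn from")
    total = sum(SOURCE_WEIGHT[e.virtual] for e in history)
    profile = {"total": total}
    for field in ("provider", "item_type", "geo", "hour"):
        counts = Counter()
        for e in history:
            counts[getattr(e, field)] += SOURCE_WEIGHT[e.virtual]
        profile[field] = counts
    mean = sum(SOURCE_WEIGHT[e.virtual] * e.amount for e in history) / total
    var = sum(SOURCE_WEIGHT[e.virtual] * (e.amount - mean) ** 2
              for e in history) / total
    profile["amount"] = (mean, var ** 0.5)
    return profile


def score_event(event, profile):
    """Score in [0, 1]: how consistent the event is with the learned profile."""
    scores = {}
    for field in ("provider", "item_type", "geo"):
        counts = profile[field]
        scores[field] = counts[getattr(event, field)] / max(counts.values())
    # Share of weighted history within two hours of this event (circular clock).
    near = sum(w for h, w in profile["hour"].items()
               if min((h - event.hour) % 24, (event.hour - h) % 24) <= 2)
    scores["hour"] = near / profile["total"]
    mean, std = profile["amount"]
    z = abs(event.amount - mean) / (std or 1.0)
    scores["amount"] = max(0.0, 1.0 - z / 3.0)
    return sum(FEATURE_WEIGHT[f] * s for f, s in scores.items())


def avatar_token(key, user_id, avatar_id, session_id):
    """Assumed token format: HMAC binding user, avatar and session together."""
    msg = "\x1f".join((user_id, avatar_id, session_id)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def authorize(nft_valid, event, profile, token=None, expected_token=None):
    """Authorize only if every required check passes; otherwise return an alert."""
    failures = []
    if not nft_valid:
        failures.append("nft_not_validated")
    if score_event(event, profile) < THRESHOLD:
        failures.append("event_not_authentic")
    if expected_token is not None and not (
            token and hmac.compare_digest(token.encode(), expected_token.encode())):
        failures.append("virtual_object_not_authenticated")
    return {"authorized": not failures, "alert": failures or None}
```

The avatar check runs only when `expected_token` is supplied, mirroring the "in specific embodiments" wording for condition (iii).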

Thus, present embodiments of the invention provide systems, methods, computer program products and/or the like for intelligent authentication/verification for resource exchange events that occur in a virtual environment, such as Metaverse or the like. In addition to providing for user authentication, the present invention verifies the authenticity/legitimacy of the resource exchange event itself. In this regard, Machine Learning (ML) techniques are implemented to identify user behavior patterns based, at least, on the user's previously conducted virtual environment resource exchange events and, in some embodiments, the user's previously conducted non-virtual (i.e., physical or online) resource exchange events. In response to the user initiating a resource exchange event in the virtual environment, characteristics of the current resource exchange event are compared with the identified user behavior patterns to ensure that the current resource exchange event is consistent with the user's behavior patterns. Such a comparison verifies the authenticity/legitimacy of the resource exchange event (i.e., verifies that the resource exchange event is being conducted by the user and not a wrongdoer).

While certain exemplary embodiments have been described and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative of and not restrictive on the broad invention, and that this invention is not limited to the specific constructions and arrangements shown and described, since various other changes, combinations, omissions, modifications and substitutions, in addition to those set forth in the above paragraphs, are possible.

Those skilled in the art may appreciate that various adaptations and modifications of the just described embodiments can be configured without departing from the scope and spirit of the invention. Therefore, it is to be understood that, within the scope of the appended claims, the invention may be practiced other than as specifically described herein.

What is claimed is:
 1. A system for authenticating a user and a virtual resource exchange event, the system comprising: a distributed trust computing network comprising a plurality of decentralized nodes, each decentralized node having a first memory and one or more first processing devices in communication with the first memory, wherein the first memory of the decentralized nodes is configured to store one or more distributed ledgers, each distributed ledger comprising a plurality of data blocks, wherein in response to a virtual object associated with the user initiating the virtual resource exchange event, a Non-Fungible Token (NFT) associated with the user is received by the distributed trust computing network and a plurality of the decentralized nodes are configured to validate the NFT, and, in response to validating the NFT, store a data block associated with virtual resource exchange event within one of the one or more distributed ledgers, wherein validating the NFT serves to authenticate the user; and a first computing platform including a second memory and one or more second processing devices in communication with the second memory, wherein the second memory stores a virtual resource exchange event authorizer tool that is executable by at least one of the one or more second processing devices and is configured to: implement one or more Machine Learning (ML) algorithms to: learn one or more first user behavior patterns, each first user behavior pattern indicating a pattern of behavior of the user in conducting, at least, prior virtual resource exchange events, and in response to receiving data associated with the virtual resource exchange event being initiated by the virtual object, apply the one or more first user behavior patterns to the data associated with the virtual resource exchange event to determine whether the virtual resource exchange event is authentic, and in response to (i) the distributed trust computing network validating the NFT, and (ii) determining that the virtual resource exchange event is authentic, authorize processing of the virtual resource exchange event.
 2. The system of claim 1, further comprising a second computing platform including a third memory and one or more third processing devices in communication with the third memory, wherein the third memory stores a token generator tool that is executable by at least one of the one or more third processing devices and is configured to generate a virtual object authentication token that associates the user with a virtual object identifier that identifies the virtual object used by the user, wherein the virtual resource exchange event authorizer tool is configured to receive or access the virtual object authentication token to authenticate the virtual object and wherein authorizing processing of the virtual resource exchange event is in further response to (iii) authenticating the virtual object.
 3. The system of claim 1, the virtual resource exchange event authorizer tool is configured to implement the one or more Machine Learning (ML) algorithms to learn the one or more first user behavior patterns, wherein the first user behavior patterns are based on at least one of one or more metaverses and one or more virtual resource exchange providers at which the user conducted the prior virtual resource exchange events.
 4. The system of claim 1, the virtual resource exchange event authorizer tool is configured to implement the one or more Machine Learning (ML) algorithms to learn the one or more first user behavior patterns, wherein the first user behavior patterns are based on at least one of a type of item or service obtained by the user or an amount of resources exchanged by the user in the prior virtual resource exchange events.
 5. The system of claim 1, the virtual resource exchange event authorizer tool is configured to implement the one or more Machine Learning (ML) algorithms to learn the one or more first user behavior patterns, wherein the first user behavior patterns are based on the geographic-location of the user when conducting the prior virtual resource exchange events.
 6. The system of claim 1, the virtual resource exchange event authorizer tool is configured to implement the one or more Machine Learning (ML) algorithms to learn one or more first user behavior patterns, each first user behavior pattern indicating a pattern of behavior of the user in conducting, at least one of, the prior virtual resource exchange events and prior non-virtual resource exchange events, wherein non-virtual resource exchange events include physical location resource exchange events and online resource exchange events.
 7. The system of claim 6, the virtual resource exchange event authorizer tool is configured to implement the one or more Machine Learning (ML) algorithms to learn the one or more first user behavior patterns, wherein the first user behavior patterns are based on at least one of (i) a type of item or service obtained by the user in the prior non-virtual resource exchange events, (ii) an amount of resources exchanged by the user in the prior non-virtual resource exchange events, (iii) a geographic-location of the user when conducting the prior non-virtual resource exchange events, and (iv) one or more physical or online resource exchange providers at which the prior non-virtual resource exchange events occurred.
 8. The system of claim 1, further comprising a second computing platform including a third memory and one or more third processing devices in communication with the third memory, wherein the third memory stores a resource exchange event pattern detection tool that is executable by at least one of the one or more third processing devices and is configured to implement one or more Machine Learning (ML) algorithms to learn one or more second user behavior patterns, each second user behavior pattern indicating a pattern of behavior of the user in conducting prior non-virtual resource exchange events, wherein the virtual resource exchange event authorizer tool is further configured to implement the one or more Machine Learning (ML) algorithms to apply the one or more first user behavior patterns and the one or more second user behavior patterns to the data associated with the virtual resource exchange event to determine whether the virtual resource exchange event is authentic.
 9. The system of claim 1, wherein the virtual resource exchange event authorizer tool is further configured to in response to (i) the distributed trust computing network failing to validate the NFT, or (ii) failing to determine that the virtual resource exchange event is authentic, generate and initiate electronic communication of an alert to one or more predetermined entities that notifies the one or more predetermined entities that the virtual resource exchange event has not been authorized for processing.
 10. The system of claim 1, wherein the virtual resource exchange event authorizer tool is further configured to generate one or more user behavior reports that indicate the one or more pattern of behaviors of the user in conducting, at least, the prior virtual resource exchange events.
 11. A computer-implemented method for authenticating a user and a virtual resource exchange event, the computer-implemented method is executable by one or more computing processor devices, the method comprising: in response to a virtual object associated with a user initiating the virtual resource exchange event, receiving, at a distributed trust network, a Non-Fungible Token (NFT) associated with the user; validating, by a plurality of decentralized nodes of the distributed trust computing network, the NFT, wherein validating the NFT serves to authenticate the user; in response to validating the NFT, storing a data block associated with virtual resource exchange event within a distributed ledger of the distributed trust computing network; implementing one or more Machine Learning (ML) algorithms to learn one or more first user behavior patterns, each first user behavior pattern indicating a pattern of behavior of the user in conducting, at least, prior virtual resource exchange events; in response to receiving data associated with the virtual resource exchange event being initiated by the virtual object, implementing ML techniques to apply the one or more first user behavior patterns to the data associated with the virtual resource exchange event to determine whether the virtual resource exchange event is authentic; and in response to (i) the distributed trust computing network validating the NFT, and (ii) determining that the virtual resource exchange event is authentic, authorizing processing of the virtual resource exchange event.
 12. The computer-implemented method of claim 11, further comprising: generating a virtual object authentication token that associates the user with a virtual object identifier that identifies the virtual object used by the user; and receiving or accessing the virtual object authentication token to authenticate the virtual object, wherein authorizing processing of the virtual resource exchange event is in further response to (iii) authenticating the virtual object.
 13. The computer-implemented method of claim 11, wherein implementing the one or more Machine Learning (ML) algorithms to learn the one or more first user behavior patterns, further comprises implementing the one or more Machine Learning (ML) algorithms to learn the one or more first user behavior patterns, wherein the first user behavior patterns are based on at least one of (i) one or more metaverses at which the user conducted the prior virtual resource exchange events, (ii) one or more virtual resource exchange providers at which the user conducted the prior virtual resource exchange events, (iii) a type of item or service obtained by the user in the prior virtual resource exchange events, (iv) an amount of resources exchanged by the user in the prior virtual resource exchange events and (v) geographic-location of the user when conducting the prior virtual resource exchange events.
 14. The computer-implemented method of claim 11, wherein implementing the one or more ML algorithms to learn one or more first user behavior patterns further comprises implementing the one or more ML algorithms to learn one or more first user behavior patterns, each first user behavior pattern indicating a pattern of behavior of the user in conducting, at least one of, the prior virtual resource exchange events and prior non-virtual resource exchange events, wherein non-virtual resource exchange events include physical location resource exchange events and online resource exchange events.
 15. The computer-implemented method of claim 11, further comprising: implementing one or more Machine Learning (ML) algorithms to learn one or more second user behavior patterns, each second user behavior pattern indicating a pattern of behavior of the user in conducting prior non-virtual resource exchange events, wherein implementing the Machine Learning (ML) techniques to apply the one or more first user behavior patterns further comprises implementing the Machine Learning (ML) techniques to apply the one or more first user behavior patterns and the one or more second user behavior patterns to the data associated with the virtual resource exchange event to determine whether the virtual resource exchange event is authentic.
 16. A computer program product comprising: a non-transitory computer-readable medium comprising: a first set of codes for causing a computer to, in response to a virtual object associated with a user initiating the virtual resource exchange event, receive, at a distributed trust network, a Non-Fungible Token (NFT) associated with the user; a second set of codes for causing a computer to validate, by a plurality of decentralized nodes of the distributed trust computing network, the NFT, wherein validating the NFT serves to authenticate the user; a third set of codes for causing a computer to, in response to validating the NFT, store a data block associated with virtual resource exchange event within a distributed ledger of the distributed trust computing network; a fourth set of codes for causing a computer to implement one or more Machine Learning (ML) algorithms to learn one or more first user behavior patterns, each first user behavior pattern indicating a pattern of behavior of the user in conducting, at least, prior virtual resource exchange events; a fifth set of codes for causing a computer to, in response to receiving data associated with the virtual resource exchange event being initiated by the virtual object, implement ML techniques to apply the one or more first user behavior patterns to the data associated with the virtual resource exchange event to determine whether the virtual resource exchange event is authentic; and a sixth set of codes for causing a computer to, in response to (i) the distributed trust computing network validating the NFT, and (ii) determining that the virtual resource exchange event is authentic, authorizing processing of the virtual resource exchange event.
 17. The computer program product of claim 16, wherein the sets of codes further comprise: a seventh set of codes for causing a computer to generate a virtual object authentication token that associates the user with a virtual object identifier that identifies the virtual object used by the user; and an eight set of codes for causing a computer to receive or access the virtual object authentication token to authenticate the virtual object, wherein the sixth set of codes is further configured to cause the computer to authorizing processing of the virtual resource exchange event in further response to (iii) authenticating the virtual object.
 18. The computer program product of claim 16, wherein the fourth set of codes is further configured to cause the computer to implement the one or more Machine Learning (ML) algorithms to learn the one or more first user behavior patterns, wherein the first user behavior patterns are based on at least one of (i) one or more metaverses at which the user conducted the prior virtual resource exchange events, (ii) one or more virtual resource exchange providers at which the user conducted the prior virtual resource exchange events, (iii) a type of item or service obtained by the user in the prior virtual resource exchange events, (iv) an amount of resources exchanged by the user in the prior virtual resource exchange events and (v) geographic-location of the user when conducting the prior virtual resource exchange events.
 19. The computer program product of claim 16, wherein the fourth set of codes is further configured to cause the computer to implement the one or more ML algorithms to learn one or more first user behavior patterns, each first user behavior pattern indicating a pattern of behavior of the user in conducting, at least one of, the prior virtual resource exchange events and prior non-virtual resource exchange events, wherein non-virtual resource exchange events include physical location resource exchange events and online resource exchange events.
 20. The computer program product of claim 19, wherein sets of codes further comprise: a seventh set of codes for causing a computer to implement one or more Machine Learning (ML) algorithms to learn one or more second user behavior patterns, each second user behavior pattern indicating a pattern of behavior of the user in conducting prior non-virtual resource exchange events, wherein the fifth set of codes is further configured to cause the computer to implement the Machine Learning (ML) techniques to apply the one or more first user behavior patterns further comprises implementing the Machine Learning (ML) techniques to apply the one or more first user behavior patterns and the one or more second user behavior patterns to the data associated with the virtual resource exchange event to determine whether the virtual resource exchange event is authentic.
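
The authorization gate recited in claims 1, 2 and 9, sketched as an added Python example that is not code from the patent: processing is authorized only when every condition holds, and each failure yields an alert reason. The strict-majority quorum, the set-membership and z-score baseline (a simple stand-in for the unspecified ML algorithms), the one-anomaly tolerance, and all names and sample data are assumptions.

```python
from statistics import mean, pstdev

# Categorical features named in claims 3-5 (field names are hypothetical).
CATEGORICAL = ("metaverse", "provider", "item_type", "geo")

def learn_pattern(prior_events):
    """Build a per-user baseline from prior resource exchange events."""
    amounts = [e["amount"] for e in prior_events]
    return {
        "seen": {f: {e[f] for e in prior_events} for f in CATEGORICAL},
        "mean": mean(amounts),
        "std": pstdev(amounts) or 1.0,  # avoid division by zero on a flat history
    }

def anomalies(pattern, event, z_max=3.0):
    """Return the features of `event` that deviate from the learned baseline."""
    out = [f for f in CATEGORICAL if event[f] not in pattern["seen"][f]]
    if abs(event["amount"] - pattern["mean"]) / pattern["std"] > z_max:
        out.append("amount")
    return out

def nft_validated(node_votes):
    """Assumed quorum rule: a strict majority of nodes must accept the NFT."""
    return sum(node_votes) * 2 > len(node_votes)

def authorize(node_votes, pattern, event, avatar_token_ok, max_anomalies=1):
    """Fail closed: every condition must hold, otherwise return alert reasons."""
    reasons = []
    if not nft_validated(node_votes):                  # condition (i)
        reasons.append("nft_not_validated")
    found = anomalies(pattern, event)
    if len(found) > max_anomalies:                     # condition (ii)
        reasons.append("behavior:" + ",".join(found))
    if not avatar_token_ok:                            # condition (iii), claim 2
        reasons.append("virtual_object_not_authenticated")
    return (not reasons, reasons)

# Constructed sample history and events (not taken from the patent).
BASE = {"metaverse": "mv-a", "provider": "shop-1", "item_type": "apparel", "geo": "US-NC"}
HISTORY = [dict(BASE, amount=a) for a in (20, 25, 30, 22, 28)]
PATTERN = learn_pattern(HISTORY)
USUAL = dict(BASE, amount=26)
ODD = dict(BASE, metaverse="mv-z", provider="shop-9", amount=900)
```

An empty vote list fails condition (i), so a missing response from the distributed trust network denies the event rather than allowing it.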